TORONTO — Equifax Canada’s customer service agents are telling callers that only Canadians who have had dealings in the United States are likely to be affected by the massive hack announced last week.

The credit monitoring company’s call centre staff say that Canadians who have Equifax accounts in the U.S. could be at risk of having their data compromised, such as those who have lived, worked or applied for credit south of the border.

The Canadian Press made multiple calls as consumers to Equifax Canada’s customer service line and were told that consumers whose credit files were not checked outside of Canada are unlikely to be part of any breach.

Equifax Canada did not immediately respond to requests for comment.

Equifax Inc. said last Thursday a security breach occurred over the summer that compromised the private information of up to 143 million Americans, along with an undisclosed number of Canadians. But the company has been tight-lipped about further details, including how many Canadians may have been exposed.

Equifax Canada’s website says that “only a limited number of Canadians may have been affected” and “the breach is contained.”

“We are working night and day to assess what happened,” the credit monitoring company says on its Canadian website.

The Canadian breach may have impacted names, addresses and social insurance numbers, Equifax added.

Organizations that have been targeted by a hack will soon be required by law to provide detailed information to both affected consumers and the Privacy Commissioner of Canada, if changes to the Canada’s Personal Information Protection and Electronic Documents Act go ahead as proposed.

As part of new mandatory data breach reporting requirements, organizations must notify individuals directly and provide specific information, such as the circumstances of the breach, the day or period when the breach occurred, and a description of the personal information that has been compromised. Canada’s Department of Industry posted the proposed text of the new regulations on Canada Gazette on Sept. 2, for a 30-day public consultation.

Meanwhile, Canada’s privacy commissioner has said it has prioritized an examination into the hack to ensure that Canadians’ information are protected by future risks.

Canadian and American credit files must be kept separate due to differences in the various laws within the U.S. and Canada, according to the Equifax Canada website.

However, American companies can pull Canadians’ files in Canada with consumers’ permission, according to credit risk expert Mike Morley.

“Let’s say you’re a Canadian applying for a mortgage in the U.S. for your cottage… They will make a decision based on your Canadian credit information,” Morley said.

That would generate a U.S. credit file for the consumer, he said.

Morley added that Canadians who live and work south of the border would have their credit history pulled in Canada in various situations, including when applying for a credit card, or even by a potential employer or landlord.

Equifax has set up a dedicated website, equifaxsecurity2017.com, and call centre to help consumers determine if their information has been compromised.

However, Canada’s privacy watchdog says the website won’t help Canadians because it uses U.S. social security numbers.

At least two proposed class action lawsuits have been started on behalf of Canadians who may have been affected by the hack.

Tony Merchant, the founder of Merchant Law Group, says he has filed proposed class actions on behalf of plaintiffs in British Columbia, Saskatchewan, Ontario and Quebec. The four plaintiffs checked their files on Equifax’s American website — which asks for last names and U.S. social security numbers — and were told their data may have been divulged, he added.

Merchant’s law firm, which has offices in Edmonton and Calgary, has seen more than 700 Canadians sign up to be part of the class action.

A spokeswoman for the Canadian Anti-Fraud Centre, which is the central agency in Canada that collects identification theft complaints and other related matters, said Wednesday it has not received any complaints in connection with the Equifax hack.

This Week's Flyers

Comments

We encourage all readers to share their views on our articles and blog posts. We are committed to maintaining a lively but civil forum for discussion, so we ask you to avoid personal attacks, and please keep your comments relevant and respectful. If you encounter a comment that is abusive, click the "X" in the upper right corner of the comment box to report spam or abuse. We are using Facebook commenting. Visit our FAQ page for more information.